
Configuration

After you have completed the migration plan, the next step is to configure your security solution. SolarWinds MSP recommends that you perform and document this configuration prior to deploying AV Defender to minimize issues and reduce the time for deployment.

The illustration below represents the recommended process for this stage of migrating to AV Defender. Each sub-section of the process is described below to provide guidance on how to configure your AV Defender security solution.

Configure Exclusions

The Exclusions module that you configure with AV Defender Profiles defines which operations will be evaluated for exclusion. For example, if you exclude a file only for on-demand scanning, then only scheduled and on-demand scan tasks evaluate this exclusion. If you exclude files only for on-access scanning, then the on-access scanner evaluates the exclusion at the moment the file is accessed to determine if it should scan the file.

The scanning driver maintains a cache of 64 File/Folder exclusions in memory. Whenever a file is accessed or reached during a scan task, it is submitted to the driver, which checks whether the file is in the current list of exclusions. If the file is excluded, the scanner does not scan it.

Due to this evaluation process, each additional file and folder exclusion causes an incremental delay in releasing that file to the operating system during an on-access scan. This is why the number of active File/Folder exclusions is limited to 64. If you have more than 64 exclusions, AV Defender will warn you.

Based on the information that you collected in the previous phases, you should create exclusions for applications with a known conflict and for key business applications. Remember to use Process exclusions where possible, Folder exclusions if necessary, and File exclusions only as a last resort.

You can add exclusions in a number of ways including:

  • AV Defender Profiles,
  • Global Exclusions at the Customer/Site level, and
  • Global Exclusions at the Service Organization level

When creating exclusions, you should first determine whether they should be global exclusions or Profile-specific exclusions. If the object of the exclusion applies to all environments, then create a global exclusion.
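One way to check a planned exclusion list against the 64 File/Folder limit before entering it in the console, as an added example (not SolarWinds MSP code). It assumes global and Profile-specific exclusions both count toward a device's active list and that a folder exclusion covers the files beneath it; the Profile names and paths are constructed.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

LIMIT = 64  # active File/Folder exclusion limit stated in this guide


def audit_plan(entries, limit=LIMIT):
    """entries: (scope, kind, value) tuples; scope is 'global' or a Profile name.

    Assumption: global and Profile-specific exclusions both count toward the
    active list on a device, and a folder exclusion covers files beneath it.
    """
    by_scope = defaultdict(list)
    for scope, kind, value in entries:
        by_scope[scope].append((kind.lower(), value))
    shared = by_scope.pop("global", [])
    report = {}
    for profile, own in by_scope.items():
        effective = shared + own
        # Windows paths are case-insensitive, so compare lower-cased forms.
        folders = {PureWindowsPath(v.lower()) for k, v in effective if k == "folder"}
        files = [v for k, v in effective if k == "file"]
        # A file already covered by an excluded folder only wastes a slot.
        redundant = [v for v in files
                     if any(f in PureWindowsPath(v.lower()).parents for f in folders)]
        active = sum(1 for k, _ in effective if k in ("file", "folder"))
        report[profile] = {
            "active": active,
            "over_limit": active > limit,
            "redundant_files": sorted(redundant),
            "active_after_cleanup": active - len(redundant),
            # Remaining File exclusions: the guide treats these as a last resort.
            "files_to_review": sorted(set(files) - set(redundant)),
        }
    return report


def sample_plan():
    """Constructed plan: 40 global folders plus two hypothetical Profiles."""
    plan = [("global", "folder", rf"C:\Apps\Vendor{i:02d}") for i in range(40)]
    plan += [("global", "process", "wsp.exe")]  # Process exclusions are not counted
    plan += [("Servers", "folder", rf"D:\Data\Db{i:02d}") for i in range(23)]
    plan += [("Servers", "file", r"D:\Data\Db01\store.mdf"),
             ("Servers", "file", r"c:\apps\vendor03\agent.log"),
             ("Servers", "file", r"E:\Logs\app.log")]
    plan += [("Workstations", "folder", r"C:\documents")]
    return plan
```

In the constructed plan, the Servers Profile reaches 66 active File/Folder exclusions, and dropping the two File exclusions already covered by a Folder exclusion brings it back to 64.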

Create global exclusions

  1. Click Configuration > Security Manager > Global Exclusions.
  2. Click the appropriate tab to select the type of global exclusion you want to create.
  3. Click Add.
    • For a process, type the full process path. For example, wsp.exe.
    • For a file or folder, type the location of the file or folder. For example, C:\documents.
    • For a network scan, type the IP, URL, or application. For example, www.tmz.com.
  4. Click Save.

Create a Profile-specific exclusion

  1. Click Configuration > Security Manager > Profiles.
  2. Click Add and select a server or workstation/laptop profile.
  3. Click Edit Settings beside the Exclusions module.
  4. Click the appropriate tab to select the type of exclusion you want to create.
  5. Click Add.
  6. Configure the exclusion:
    • For a process, type the full process path. For example, wsp.exe.
    • For a file or folder, type the location of the file or folder. For example, C:\documents.
    • For a network scan, type the IP, URL, or application. For example, www.tmz.com.
  7. Click Save.

Configure Profiles

In the preparation and planning stages, you determined what the customer's needs were concerning antivirus protection. Now you can configure the AV Defender Profile to meet those requirements.

AV Defender Profiles use modules to structure the way that security protection is provided. The Anti-malware module is always included with every AV Defender Profile as it is a core component of AV Defender. You can install and enable all other modules based on the customer's requirements. You can make the security protection more efficient by installing only the modules that are needed.

Configure Notifications

Monitoring services are added by default. For new installations or installations with the Antivirus default, notification triggers are configured as:

  • AV Defender Status service – Trigger on Failed
  • AV Defender Security Events service – Trigger on Failed
  • AV Defender Behavioral Event service – Trigger on Failed

The individual services also play a role in defining when notifications occur.

Set Up Automation

To be successful and efficient in deploying AV Defender, there are several automation features that you can configure prior to deployment. It is strongly recommended that you configure automation features in the following order:

  1. Assign Notifications
  2. Assign Service Templates
  3. Build Maintenance Windows - Install, Update and Upgrade.
  4. Configure Scan Task

For simplicity, SolarWinds MSP strongly recommends that you either create a new Rule to contain these settings or edit the existing default AV Defender Rule included with MSP N-central so that it includes the security features that best suit your customer's needs.

Rules are re-evaluated whenever there are significant device or asset changes on existing devices, or as new devices are added. If you want a Rule to be re-evaluated for any other reason, simply revise the Rule and save it. This will cause the Rule to be re-evaluated and its revisions to be propagated to the associated devices.

Step 1: Assign Notifications

If you created new Notification Profiles in the previous stage, these will need to be assigned to devices using Rules. If you are utilizing default configurations, these will have been already assigned to all Windows devices by default.

Step 2: Assign Service Templates

If you have chosen to customize the service defaults in the previous step, you must perform the following:

  • Create a Service Template using the Add or Modify option.
  • Customize the Service Template with the required services and settings.
  • Assign the Service Template to the Rule that you created or to the default AV Defender Rule.

Step 3: Build Maintenance Windows

To configure Maintenance Windows, go to the Maintenance Window tab of the Edit Rule window. Maintenance Windows can also be configured for individual or multiple devices, but it is strongly recommended that you do so using Rules.

To ensure that your installation of AV Defender software proceeds as smoothly as possible, it is strongly recommended that you configure a Maintenance Window for the following AV Defender actions:

  • Installation
    • During the installation process, you can choose to install AV Defender software either immediately or during a scheduled Maintenance Window. If you plan to choose Immediately, these properties do not need to be configured.
    • If you want to install AV Defender software during a scheduled Maintenance Window, it is strongly recommended that you configure the appropriate Maintenance Window for your devices prior to starting the deployment of AV Defender.
  • Update
    • AV Defender updates are minor module updates that will usually not require a computer re-start. These updates are controlled and distributed by the AV Defender Update server or directly to the Cloud depending upon the configuration in the AV Defender Profile.
    • The default AV Defender Rule contains a scheduled Maintenance Window that configures updates to Always take place. If this is not an acceptable configuration, you can customize these properties or remove them and create your own.
  • Upgrade
    • AV Defender upgrades are major version changes that will require a computer re-start.
    • To reduce issues and the time required to manage AV Defender, it is strongly recommended that you schedule a Maintenance Window to allow AV Defender upgrades on an acceptable scheduled time frame.

Step 4: Configure Scan Task

  • Create a Scheduled Task Profile.
  • Add a new task to the scheduled task profile for a new AV Defender Full or Custom Scan.
    1. Configure the parameters of the scan.
  • Save the Scheduled Task Profile.
  • Assign the Scheduled Task Profile to your Rule or to the default AV Defender Rule.